Subj : Slackware 15.0 Changelog update
To   : All
From : Slacker
Date : Thu Mar 14 2024 06:40:15

Wed Mar 13 19:46:48 UTC 2024
patches/packages/expat-2.6.2-x86_64-1_slack15.0.txz: Upgraded.
  Prevent billion laughs attacks with isolated use of external parsers.
  For more information, see:
    https://github.com/libexpat/libexpat/commit/1d50b80cf31de87750103656f6eb693746854aa8
    https://www.cve.org/CVERecord?id=CVE-2024-28757
  (* Security fix *)
+--------------------------+
Fri Mar 8 19:20:11 UTC 2024
patches/packages/xfce4-weather-plugin-0.11.2-x86_64-1_slack15.0.txz: Upgraded.
  This is a bugfix release.
+--------------------------+
Thu Mar 7 20:40:08 UTC 2024
patches/packages/ghostscript-9.55.0-x86_64-2_slack15.0.txz: Rebuilt.
  Fixes security issues:
  A vulnerability was identified in the way Ghostscript/GhostPDL called
  tesseract for the OCR devices, which could allow arbitrary code execution.
  Thanks to J_W for the heads-up.
  Mishandling of permission validation for pipe devices could allow arbitrary
  code execution.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36664
  (* Security fix *)
+--------------------------+
Tue Mar 5 21:16:50 UTC 2024
patches/packages/mozilla-thunderbird-115.8.1-x86_64-1_slack15.0.txz: Upgraded.
  This release contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.8.1/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2024-11/
    https://www.cve.org/CVERecord?id=CVE-2024-1936
  (* Security fix *)
patches/packages/postfix-3.6.15-x86_64-1_slack15.0.txz: Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.postfix.org/announcements/postfix-3.8.6.html
+--------------------------+
Fri Mar 1 22:13:28 UTC 2024
patches/packages/expat-2.6.1-x86_64-1_slack15.0.txz: Upgraded.
  This is a bugfix release.
+--------------------------+
Thu Feb 29 19:11:19 UTC 2024
patches/packages/openjpeg-2.5.2-x86_64-1_slack15.0.txz: Upgraded.
  Fixed a regression in openjpeg-2.5.1:
  API breakage / openjpeg version no longer detected (openjpeg.h no longer
  includes opj_config.h).
+--------------------------+
Wed Feb 28 18:36:48 UTC 2024
patches/packages/wpa_supplicant-2.10-x86_64-2_slack15.0.txz: Rebuilt.
  Patched the implementation of PEAP in wpa_supplicant to prevent an
  authentication bypass. For a successful attack, wpa_supplicant must be
  configured to not verify the network's TLS certificate during Phase 1
  authentication, and an eap_peap_decrypt vulnerability can then be abused
  to skip Phase 2 authentication. The attack vector is sending an EAP-TLV
  Success packet instead of starting Phase 2. This allows an adversary to
  impersonate Enterprise Wi-Fi networks.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-52160
  (* Security fix *)
+--------------------------+
Mon Feb 26 20:09:43 UTC 2024
patches/packages/openjpeg-2.5.1-x86_64-1_slack15.0.txz: Upgraded.
  Fixed a heap-based buffer overflow in openjpeg in color.c:379:42 in
  sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use
  this to execute arbitrary code with the permissions of the application
  compiled against openjpeg.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2021-3575
  (* Security fix *)
+--------------------------+
Sun Feb 25 19:16:52 UTC 2024
patches/packages/whois-5.5.21-x86_64-1_slack15.0.txz: Upgraded.
  Updated the .cv and .sd TLD servers.
  Removed 4 new gTLDs which are no longer active.
+--------------------------+

--- SBBSecho 3.20-Linux
 * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (110:211/1)